Generic library for managing signed authentication tokens.
Project description
This is generic support library for doing token-based authentication. You might use it to build a login system using bearer tokens, two-legged oauth, or MAC Access authentication.
Given a server-side master secret, you can serialize a dict of data into an opaque, unforgeable authentication token:
>>> token = tokenlib.make_token({"userid": 42}, secret="I_LIKE_UNICORNS")
>>> print token
eyJzYWx0IjogImY0NTU5NCIsICJleHBpcmVzIjogMTMyOTg3NTI2Ny4xNDQ5MzUsICJ1c2VyaWQiOiA0Mn0miXCe4NQQtXTE8NXSGcsL6dzSuQ==
Later, you can use the same secret to verify the token and extract the embedded data:
>>> data = tokenlib.parse_token(token, secret="I_LIKE_UNICORNS")
>>> print data
{u'userid': 42, u'expires': 1329875384.073159, u'salt': u'1c033f'}
Notice that the data includes an expiry time. If you try to parse an expired token, it will fail:
>>> # Use now=XXX to simulate a time in the future. >>> tokenlib.parse_token(token, secret="I_LIKE_UNICORNS", now=9999999999) Traceback (most recent call last): ... ValueError: token has expired
Likewise, it will fail if the token was constructed with a non-matching secret key:
>>> tokenlib.parse_token(token, secret="I_HATE_UNICORNS") Traceback (most recent call last): ... ValueError: token has invalid signature
Each token also has an associated “token secret”. This is a secret key that can be shared with the consumer of the token to enable authentication schemes such as MAC Access Authentication of Two-Legged OAuth:
>>> key = tokenlib.get_token_secret(token, secret="I_LIKE_UNICORNS") >>> print key EZslG8yEYTGyDvBjRnxGipL5Kd8=
For applications that are using the same settings over and over again, you will probably want to create a TokenManager object rather than using the module-level convenience functions:
>>> manager = tokenlib.TokenManager(secret="I_LIKE_UNICORNS")
>>> data = manager.parse_token(token)
>>> print data
{u'userid': 42, u'expires': 1329875384.073159, u'salt': u'1c033f'}
This will let you customize e.g. the token expiry timeout or hash module without repeating the settings in each call.
2.0.0 - 2017-12-20
- Py27, Py35 compliant
0.3.1 - 2014-01-08
- Make tokenlib.DEFAULT_HASHMOD a string.
- Fix sporadically-failing test.
0.3.0 - 2014-01-08
- clarified licensing info
- switched to sha256 as default hashing algorithm
- renamed get_token_secret to get_derived_secret to clarify its purpose; the previous name remains but is deprecated.
- added custom ValueError subclasses for more fine-grained error reporting.
0.2.0 - 2012-11-27
- support for python3 via source-level compatibility
0.1.0 - 2012-03-14
- Initial release.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for tokenlib-2.0.0-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c6de2c06edf54954df535e5bd1cbb6d7821be032102f40e5a8a53acd5b03649 |
|
| MD5 | 43c5257af597a500c9f442a5d1361b6a |
|
| BLAKE2-256 | f6d0dd970f811a64391355a387f0ba2a129f135c841b5ffb7d2d30a03ba6b4eb |